Eggdrop: Buffer overflow — GLSA 200709-07

A remote stack-based buffer overflow has been discovered in Eggdrop.

Affected Packages

net-irc/eggdrop on all architectures
Affected versions < 1.6.18-r3
Unaffected versions >= 1.6.18-r3

Background

Eggdrop is an IRC bot extensible with C or Tcl.

Description

Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.

Impact

A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.

Workaround

There is no known workaround at this time.

Resolution

All Eggdrop users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"

References

Release Date
September 15, 2007

Latest Revision
September 26, 2007: 02

Severity
normal

Exploitable
remote

Bugzilla entries